I'm developing an SPA (Laravel and VUE) and would like a third party to pass back a post request to my application. In particular, a third party webpage will be presented in an iframe where I'll pass my Laravel JWT via a parameter in the URL (www.some_other_domain.com?jwt=fjisoilLLFL). I'd like it to then add data to the JWT and then pass it back to my application via a cURL post request. I know that the JWT "contains" the authenticated user in it but I'm not seeing how to set up the Post request so that Laravel can consume the JWT and verify that it's an authenticated user.
As I understand, you want a post route that is authenticated through your JWT so the iframe can make a request to your application.
Disclaimer: I suggest you avoid this approach if possible
In that case, you simply need to add a post route as you would normally do. Nothing really changes. Because a request authenticated through JWT is stateless, it doesn't care that it's coming from the same browser or anything, just that the token is valid in this case.
Simply add an auth middleware with the correct guard
I must be misunderstanding something basic because I’m still not seeing how the request is going to contain the jwt. To be more specific, if I submit a form via vanilla PHP with an input field having name=“age” then the request will contain age as a key in $_POST. What is the key that Laravel checks in an SPA to ensure a valid JWT?
